11-28-2023 05:43 AM
Hello guys,
In DNAC, the Authentication Template can be tuned to adjust the Authentication method order, the timers, etc.
This template is represented as an IOS-XE template which itself calls a policy-map (ex: "PMAP_DefaultWiredDot1xClosedAuth_1X_MAB").
Combined together, the template and PMAP configuration is applied to all access switchports, unless modified by the Port Assignment in the Host Onboarding page.
My question is: is there a way from DNAC to apply a different PMAP (ex: PMAP_DefaultWiredDot1xClosedAuth_MAB_1X instead of 1X_MAB) for some specific ports?
I know I can use template for that but I'm wondering if this is supported in DNAC WebUI? Or in roadmap?
Regards,
Sylvain.
Solved! Go to Solution.
12-12-2023 02:49 AM
I think you can not do this. As you say it is a global configuration for all of your swtich ports.
I think the only you could do is create a CLI policy-map with your port configuration requirements in DNAC --> Template Editor. Assign it to provison it to all your switches, then you will have the CLI configuration you are interested for your ports in all of your switches as a policy-map.
Then create another DNAC --> Template with the config for the ports to assign this policy-map created before (if you have a static list of ports for all your switches) and provision it again to your switches. Then you will have these ports with the policy-map applied.
12-12-2023 03:17 AM
no, no... i got your point correctly. & recap is: whatever templates u need not available in the DNAC "Authen template" already u have to configure it via DNAC Network Templates as @alberx noticed. hopefully the day will come when this product gets enough maturity...
11-28-2023 05:56 AM
SW 2.3.5 : only DOT1X & then MAB order
11-30-2023 11:27 PM
Hello Andy,
I think you didn't understand my question.
Basically, I configure my Authentication Template to be 802.1x then MAB. This template is by default applied to all switchports of my Fabric Edge.
Now if for a specific switchport I want MAB then 802.1x, I'm wondering if I can do something to apply such configuration via DNAC. Because on the Port Assignment window, I can only select my Authentication Template which has the global settings (.1x then MAB).
Sylvain.
12-12-2023 03:17 AM
no, no... i got your point correctly. & recap is: whatever templates u need not available in the DNAC "Authen template" already u have to configure it via DNAC Network Templates as @alberx noticed. hopefully the day will come when this product gets enough maturity...
12-12-2023 02:49 AM
I think you can not do this. As you say it is a global configuration for all of your swtich ports.
I think the only you could do is create a CLI policy-map with your port configuration requirements in DNAC --> Template Editor. Assign it to provison it to all your switches, then you will have the CLI configuration you are interested for your ports in all of your switches as a policy-map.
Then create another DNAC --> Template with the config for the ports to assign this policy-map created before (if you have a static list of ports for all your switches) and provision it again to your switches. Then you will have these ports with the policy-map applied.
12-12-2023 05:59 AM
Thanks @alberx and @andy!doesnt!like!uucp ,
I got your point.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide